Uncovering alleged fraud or suspicious financial activities within an organization’s financial statement audit is both a nightmare for many (catching management and governance sectors off guard) and a difficult reality for the auditor or auditing teams involved.
Auditors define fraud, in the context of a financial audit, as “an intentional act by one or more individuals among… those charged with governance… involving the use of deception that results in a misstatement in financial statements…”[1] This means that in an allegation of fraud, an auditor must determine whether the suspected fraud might result in a material misstatement of finances as they move forward, as not all fraudulent acts carry the same impact to the business.
AU-C section 316 paragraphs .06 outline two types of fraudulent activities that may result in financial misstatements, these are fraudulent financial reporting and misappropriation of assets.
Fraudulent financial reporting may present itself in the following:
- Manipulation, falsification, or alteration of accounting records or supporting documents from which financial statements are prepared
- Misrepresentation in or intentional omission from the financial statements of events, transactions, or other significant information
- Intentional misapplication of accounting principles relating to amounts, classification, manner of presentation, or disclosure[2]
Fraudulent financial reporting may not originate from conspiratorial means. Sometimes it can be as simple as a temporary misstatement of an interim financial record with the expectation of later correction.
Examples of misappropriation of assets may include:
- embezzling receipts
- stealing assets
- billing goods and services that are not received/issued
Misappropriation of assets can also involve false documents, ineffective controls, or the ability of employees to override controls which provide opportunities to commit fraud and rationalizing fraudulent acts.
So, what is the first step for auditors when they discover potential fraud? And what are some key questions to guide the investigation?
Say Something
An auditor can only provide communication and evidence regarding the alleged fraud or suspicious financial activity to the appropriate parties and cannot make any legal determinations of guilt, innocence, occurrence, or non-occurrence of fraud. Therefore, notifying the appropriate parties, both client and regulatory authorities (if legally required/applicable) to report the suspicion and present appropriate evidence is the integral first step.
Ask Questions and Document Everything
In the event of a necessary fraud investigation, an auditor must ensure their documentation is sufficient to support the alleged claim and its further investigation. As an auditor gathers information regarding the suspicious activity or alleged fraud, many different questions should be asked in efforts to approach the situation from all angles.
- Who oversees the governance of this information? What are the appropriate members of management?
- Follow standard communication policies outlined in AU-C Section 240 Paragraphs .39 through .41[3]
- Who investigates these allegations? Who follows up on the process?
- Does the organization utilize any automations or data validation tools to oversee and govern their financials?
- What financial statement misstatements are suspicious? Which transactions? Are there suspected missing assets associated with this suspicion?
- Who are the suspects? Are there more than one? What were their levels of access and who oversaw that access?
- How accessible is this information and oversight?
- How long is the period of suspicion?
- Do the suspect(s) have access to many different assets and systems during their time with the organization? What controls are already in place to mitigate fraud, risk, and limit the amount of possible fraud committed by any one person?
- What misstatements to the financials could result from the suspected fraud? Impact to beginning net assets from previous years could be impacted and, if so, what steps will need to be taken to correct this history?
- What are the ways that the suspect(s) could have committed the alleged fraud?
For auditors, asking key questions and collecting appropriate information is important in demonstrating a sufficient response when discovering suspect financial records or possible instances of employee-driven fraud within an organization.
Conclusion
Suspicious financial activities are something all companies hope not to have, but it is critical that auditors step up and take the initiative as soon as anything is discovered to prevent potential fraud from spiraling into an even higher risk situation for the company. Thorough investigation, communication, and documentation are essential to ensure that the company can accurately determine if the suspicious activity is indeed fraudulent, and for the company to be able to take any necessary steps to potentially recover assets and ensure that it cannot happen again.
